Home / API Documentation

API Documentation

Complete route reference for WebFry web routes, billing flows, and API scopes.

Overview

WebFry exposes API endpoints in two scopes with the same handlers: 

https://webfry.dev/api
https://webfry.dev/api/v1

All API endpoints require X-API-Key unless explicitly documented otherwise.

Plans

  • Starter: 100 requests/month
  • Pro: unlimited requests
  • Enterprise: enterprise

SDK

Official JavaScript/TypeScript SDK:

https://github.com/webfry/webfry-sdk
Check webfry-sdk

API Routes

All routes below exist under both /api and /api/v1.

Auth & Account

POST /get_api_key
POST /new_api_key
POST /user_info
POST /regenerate

Password & Hashing

POST /password_check
POST /hash_lookup
POST /hash_lookup_site
POST /hash_generator
POST /hash_identifier
POST /common_pwd

Security Tools

POST /ip_info
POST /base64
POST /entropy
POST /generate_random_key
POST /jwt_decoder
POST /secure_encrypt
POST /secure_decrypt
POST /data_breach
POST /json_format
POST /json_minify
POST /suggestion

Authentication

Header Format

X-API-Key: your_api_key_here

Get API Key

POST /api/get_api_key

Body

{"email":"[email protected]","password":"YourPass1!"}

Rotate API Key

POST /api/new_api_key

Headers

X-API-Key: your_current_api_key

Web Routes

GET  /
GET  /health
GET  /robots
GET  /robots.txt
GET  /api-docs
GET  /docs
GET  /docs/
GET  /dashboard
GET  /login
POST /login
POST /register
POST /register/verify
POST /forgot-password
POST /forgot-password/verify
POST /logout
POST /ip_info
POST /common_pwd
POST /data_breach
POST /hash_generator

Billing Routes

POST /switch_tier
POST /billing/create_checkout_session
POST /billing/stripe/webhook

Boss Routes

POST /boss/decrypt_geoinfo2
POST /boss/stripe/create_product

Docs Routes

GET /docs/authentication
GET /docs/errors
GET /docs/getting_started
GET /docs/privacy
GET /docs/rate_limits
GET /docs/readme
GET /docs/security
GET /docs/terms

Quick Examples

Get API key

curl -X POST "https://webfry.dev/api/get_api_key" \
  -H "Content-Type: application/json" \
  -d '{"email":"[email protected]","password":"YourPass1!"}'

Password check

curl -X POST "https://webfry.dev/api/password_check" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{"password":"MySecurePassword123!"}'

Hash lookup

curl -X POST "https://webfry.dev/api/hash_lookup" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{"hashes":"5f4dcc3b5aa765d61d8327deb882cf99"}'

Error Notes

Code Description
400 Invalid request payload
401 Missing/invalid authentication
403 Forbidden action
429 Starter plan limit reached
500 Internal server error
502 Upstream backend/tool failure